Search blog

Google Warns Again: Your [Gmail] Account Could Be At Risk Of State-sponsored Attacks

Admit it: you turn to Google for everything. Want to find a cool restaurant? Google is your best advisor. Want to learn Japanese? Well, again, Google can return a wealth of tutorials upon search. Google seems to know everything and we trust it. Especially when it warns us: “Your account could be at risk of state-sponsored attacks,” we rush to the page where it provides us with internet security tips on how to protect ourselves and read every word, carefully and avidly. But wait! State-sponsored attacks?

New wave of “state-sponsored attack” warnings from Google

In June 2012, a number of Google/ Gmail/ Chrome users were surprised to receive a notification from Google reading: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” Another big wave of warnings against state-sponsored attacks was released by the giant in October 2012 and again this month, now warning journalists in Myanmar of such possible attacks. Here’s a snippet of Google’s warning. The “Protect yourself now” leads to Google’s Support page offering a bunch of security tips. What catches our eye in the message is “state-sponsored,” a rather controversial term as it hasn’t really been “officially” acknowledged by the powers that be. However, Google goes beyond every speculation and clearly articulates it, as a way of saying “folks, these are real – put all your shields up!”

How does Google know the attacks are state-sponsored? And why does it clearly state it?

In a blog post dated June 5th, 2012, Eric Grosse, Google’s VP Security Engineering offered an explanation: “You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.” Later on, in October, the New York Times issued an article quoting Mike Wiacek, a manager on Google’s information security team, who noted that Google had seen an increase in state-sponsored activity coming from the Middle East, but offering no specifics. Since then, other security experts have started to use the term, as part of their assumptions regarding cyberwarfare. Even though, so far, the users who’ve reportedly received the warning from Google are mainly journalists and foreign policy experts, the fact that these state-sponsored hacks are happening calls for greater security awareness and measures to be taken by every web surfer out there. As we’ve already predicted, we can only expect to hear more of such attacks in the near future.

5 imperative security measures BullGuard recommends you take:

As Google advises, “whenever you sign in to Google products, make sure that the webpage address shown at the top of your browser window starts with http://accounts.google.com/”. But keep this advice in mind when signing in to any online account you have (the address of the webpage should start with “https”).

Enable the 2-step verification functionality for every online account you have that supports this functionality.

Don’t click on links or attachments in suspicious emails from people you don’t know. If you receive emails from banks or other institutions asking you for credentials to the account you have with them, don’t hand over your details via email. Contact them in person or by phone.

Keep all your computer programs, browsers and operating system always up to date. The Vulnerability Scanner in BullGuard Internet Security 2013 helps you to easily spot outdated software versions before hackers can exploit them.

Use a comprehensive internet security solution, like BullGuard's, to keep malicious software off your computer and hackers at bay.